(54) Title: METHOD AND DEVICE OF DISABLING THE UNAUTHORISED USE OF A COMPUTER
(57) Abstract

The present invention relates to a method for avoiding unauthorised use of a personal computer by means of a chip card, and a respective installation. Booting of the main processor unit is possible only after the ID code stored on the chip card has been entered during the power-on self-test. The chip card reader can be placed in a 3.5" floppy drive slot.

METHOD AND DEVICE OF DISABLING
THE UNAUTHORISED USE OF A COMPUTER

Field of the invention 

This invention concerns a method of disabling the unauthorised usage of an IBM-compatible personal computer and/or data contained therein, using a chip card and chip card reader. It is also possible to integrate the hardware required by the chip card reader onto the motherboard of a computer. The invention disables access to the computer or data without a valid chip card. The invention includes a chip card, a card ID, a decrypting key contained on the chip card, a chip card reader, an ISA bus add-on card for the reader, a reader BIOS (with address decoder and I/O ports) and chip card read/write electronics. There are different software solutions for keeping the decrypting key on the chip card and the encrypting/decrypting algorithms in the card reader ROM. Also, in different solutions, the chip cards can be selected by type as required, i.e. the method and the reader are universal. The present invention is useful in workplaces where there are many people around and there is a danger of leaking confidential or secret data. However, the use of the present invention is not restricted to this solution and the invention is applicable to various applications.

Background of the invention 

When using computers for data processing and storage, it is very important to keep this data safe from unauthorised access. Contemporary methods are widely used to prevent unauthorised access to data, but they do not give enough protection. For example, US patent No. 5 187 352, G06K 005/00, (W. Blair, S. J. Brooks, 16.02.1993) discloses a computer security system that provides for controlled access to single or multiple components of a computer system. The system includes a magnetic card reading and encoding device that reads component access and time allotment data from a magnetically encoded card. In US patent No. 4 575 703, G06K 013/04, (Sony Corporation, 11.03.1986) a card and a device for reading the data from the card are disclosed.

The passwords used in the boot process of a computer are easy to steal: one only has to look over the shoulder while the password is entered and memorise it. Also, there are factory passwords (bypass passwords), which are the same for all motherboards of the same producer. Other authorisation methods based on chip cards rely heavily on software, which is easy to delete from the hard drive disk, and after a reboot the safeguard is not active. For example, US patent No. 4 757 533, H04L 009/00, (Computer Security Corporation, 12.07.1988) discloses a security system for a personal computer, in which hardware and software are combined to provide a tamper-proof manner of protecting user-access and file-access. This system for restricting unauthorised access uses a chip card reader, which will use the software to check for the card, its ID number, decrypting key and password during the boot process, before the computer passes control to the user. This process is not interruptible by the user. The control over the computer stays with the card reader. After finishing the boot process, it is possible to use different software solutions, based on the chip card.

Chip cards and all the components used for the electronics block (ISA card) are common and will not be discussed here. Also, the internal functions of a PC and the terminology used are common.

Summary of the invention

The object of the present invention is to strengthen the security of the computer, i.e. disabling the theft of the data and unauthorised usage of a computer. At the same time, it is possible to use the invention to disable the access only to certain data (files, catalogues, logical drives, programmes), to collect and record different types of data (customer data, financial data, customer's recontra data, personal data and/or decrypting keys) to different chip cards, and to process the data without physically typing the data in. The object of the invention is achieved by using the method and device described in more detail below, according to the appended claims.

Brief description of the drawings

Fig. 1 is the block diagram of the device according to the present invention. 

Detailed description of the invention

According to the present invention, the authorisation of the user must be accomplished before giving control to the operating system. The card must be inserted in the card reader before the end of the boot process; the computer will then read the ID code from the card and compare it with the ID code recorded during installation of the card reader. If there is a decrypting algorithm present in the card reader's ROM, the decrypting key used to access encrypted data will also be read from the card. If there is no card present in the reader during the boot process, the boot process will not be finished and control will not be transferred to any operating system or external device (like a floppy drive), thanks to the feature of the card reader of the invention. The data protection, using the chip card and reader, can be achieved in many ways.

According to the first embodiment of the invention, the card reader is initialized using the standard computer BIOS POST ROM Scan subfunction (search for add-on card BIOSes). The card reader BIOS will be found by the extension BIOS attribute: the first two bytes (55h and AAh) in the BIOS, beginning from address 0000. The control over the computer will be transferred to the card reader, which will read the installing signature from the computer hard drive disk. If the signature is not present, the control will be given back to the computer and the boot will continue normally. This solution will not control the boot process, but it enables data exchange between the card reader and the computer, using different pieces of software.

According to the second embodiment of the invention, the card reader is initialized using the standard computer BIOS POST ROM Scan subfunction (search for add-on card BIOSes). The card reader BIOS will be found by the extension BIOS attribute: the first two bytes (55h and AAh) in the BIOS, beginning from address 0000. The control over the computer will be transferred to the card reader, which will read the installing signature from the computer's hard drive disk. If the signature is present, the chip card will be initialized by the command, the protocol of which differs between different card types. Then the ID code recorded in the card memory (offset 0) will be read and compared to the ID code on the hard drive disk. If the ID codes match, the control will be transferred back to the computer BIOS and the boot process continues. In this situation the boot process is controlled and the data exchange between the computer and chip card is possible, using different pieces of software.

According to the third embodiment of the invention, the card reader is initialized using the standard computer BIOS POST ROM Scan subfunction (search for add-on card BIOSes). The card reader BIOS will be found by the extension BIOS attribute: the first two bytes (55h and AAh) in the BIOS, beginning from address 0000. The control over the computer will be transferred to the card reader, which will read the installing signature from the card ROM. If the signature is present, the chip card will be initialized by the command, the protocol of which differs between different card types. Then the ID code recorded in the card memory (offset 0) will be read and compared to the ID code on the hard drive disk. If the ID codes match, the control will be transferred back to the computer BIOS and the boot process continues. In this situation the boot process is controlled and the data exchange between the computer and chip card is possible, using different pieces of software.

All these instances have in common the possibility to control the computer's hardware clock interrupt int 1Ch by software; this is achieved by storing the contents of the card reader BIOS in the computer memory as a TSR program, which controls the operation of the computer.

It is clear that all the possibilities of chip card usage for strengthening the data security of a computer can be mixed in different applications as needed, and program solutions of OS control can be added for different cards. This means that one can use different types of cards and different ID numbers in the same computer. It is possible to use a PIC (Programmable Integrated Circuit) card to boot the computer, but some other user can access his/her data or logical drive through the OS, using a SIM-card. There is no need to change the card reader in order to change the chip card type; it is enough to change the reader's software accordingly.

The exemplary embodiment of the invention is described based on Fig. 1, which is the block diagram of the device according to the invention. The electronics block of the card reader in Fig. 1 is installed in the ISA or PCI bus connector. The card reader slot is a separate unit, which is attached to a free 3.5" floppy disk slot. The card reader and electronics block are connected via a flat cable and corresponding connectors.

The electronics block has a bi-directional bus buffer for buffering the data bus. The bus buffer is connected to the chip card read/write circuitry, which in turn is connected to the card reader device attached to the 3.5" floppy disk slot. The ISA or PCI card address decoder inputs are built so that only addresses C000 to E800 are selected. This address range is assigned to add-on card BIOSes. To avoid possible BIOS address conflicts, the address decoder has an option to change the card reader BIOS address. During the boot process, the computer BIOS checks for add-on cards and finds the card reader. The card reader then assumes control over the computer. The I/O port selector gives the possibility to select a different I/O port address in the range from 300h to 3E0h. The I/O address selector is technically similar to the BIOS address decoder. All communications between the computer and the card reader will be accomplished at this address through the selected I/O port.
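
The ROM Scan mechanism the description relies on (a 55h AAh header inside the C000 to E800 window) can be audited from a dump of upper memory. The C code below is an added example, not part of the patent: it lists every extension ROM header in such a dump and verifies each image's checksum. The length byte, the zero-sum checksum and the 2 KB scan step are the usual PC option-ROM convention rather than details given on this page; the function names and the sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the patent): list extension ROMs in an upper-memory dump. */
#define BASE_SEG 0xC000u /* window start, from the page */
#define LAST_SEG 0xE800u /* window end, from the page */
#define STEP     0x800u  /* 2 KB scan boundary: PC convention, assumed here */

struct optrom { uint16_t seg; uint32_t len; int checksum_ok; };
struct optrom demo_out[4]; /* filled by demo_scan() */

/* mem[0] is BASE_SEG:0000. Returns how many 55h AAh headers were recorded. */
size_t scan_option_roms(const uint8_t *mem, size_t n, struct optrom *out, size_t max)
{
    size_t found = 0, off = 0;
    while (off + 3 <= n && found < max && BASE_SEG + (off >> 4) <= LAST_SEG) {
        if (mem[off] != 0x55 || mem[off + 1] != 0xAA) { off += STEP; continue; }
        uint32_t len = mem[off + 2] * 512u; /* byte 2: size in 512-byte blocks */
        int ok = 0;
        if (len != 0 && off + len <= n) {   /* empty or truncated image: not ok */
            uint8_t sum = 0;
            for (uint32_t i = 0; i < len; i++) sum += mem[off + i];
            ok = (sum == 0);                /* bytes must sum to 0 mod 256 */
        }
        out[found++] = (struct optrom){ (uint16_t)(BASE_SEG + (off >> 4)), len, ok };
        off += ok ? (len + STEP - 1) / STEP * STEP : STEP; /* skip a valid ROM whole */
    }
    return found;
}

/* Constructed input: a valid 1 KB ROM at C000, and one altered after checksumming at C200. */
size_t demo_scan(void)
{
    static uint8_t mem[0x4000];             /* 16 KB dump starting at C000:0000 */
    for (size_t at = 0; at <= 0x2000; at += 0x2000) {
        uint8_t *p = mem + at, sum = 0;
        p[0] = 0x55; p[1] = 0xAA; p[2] = 2; p[3] = 0xCB; /* header + retf stub */
        for (int i = 0; i < 1023; i++) sum += p[i];
        p[1023] = (uint8_t)(0u - sum);      /* last byte makes the sum zero */
    }
    mem[0x2004] ^= 0x01;                    /* one bit changed in the second image */
    return scan_option_roms(mem, sizeof mem, demo_out, 4);
}

int main(void)
{
    for (size_t i = 0, n = demo_scan(); i < n; i++)
        printf("%04X:0000 %u bytes, checksum %s\n", (unsigned)demo_out[i].seg,
               (unsigned)demo_out[i].len, demo_out[i].checksum_ok ? "ok" : "BAD");
}
```

An entry whose checksum fails points to a corrupted or modified ROM image and is worth comparing against a known-good copy of the card's firmware.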
CLAIMS

1. Method of disabling the unauthorised access to computer, the method comprising: inserting a chip card into the card reader and reading of data, stored on the chip card by the computer, wherein the card must be inserted before the end of a boot process - i.e. the chip card and the ID code contained on the chip card are read before any other program takes over.

2. Method according to the claim 1, comprising the steps of:

- initializing of the card reader by POST subfunction ROM SCAN, built in the computer's internal BIOS,

- finding of the card reader BIOS by the first two bytes of an extension BIOS of a cardreader, which are 55h and AAh, beginning from address 0000,

- transferring of the control over the computer to the card reader, which then reads the installation signature from the computer's hard drive disk,

- in the absence of the signature, transferring the control back to computer BIOS and the boot process resumes normally.

3. Method according to the claim 1, further comprising the steps of:

- on finding the installation signature present on the hard drive disk, the chip card will be initialized, using the protocol, which is corresponding to current chip card; the ID code stored on the chip card memory (offset 0) is read and compared to the ID code stored on the hard drive disk,

- if both ID codes match, the control is transferred back to computer and the boot process will resume normally.

4. Method according to the claim 1, further comprising the steps of:

- transferring the control over the computer to the card reader, which will read the installing signature from the card ROM,

- on finding the installation signature present on the hard drive disk, the chip card will be initialized, using the protocol, which is corresponding to current chip card; the ID code stored on the chip card memory (offset 0) is read and compared to the ID code stored on the hard drive disk,

- if both ID codes match, the control is transferred back to computer and the boot process will resume normally.

5. Method according to the claim 1, wherein the boot process can be controlled or not controlled and data can be exchanged between the chip card and the computer, using different software solutions.

6. Method according to any preceding claims, wherein it is possible to take software control of the computer hardware clock interrupt 1Ch by reading the card reader BIOS into the computer memory as a TSR (resident) program, which controls the computer.

7. Method according to any preceding claims, wherein the described steps can be combined or added to operating system program solutions for different card types.

8. Device of disabling the unauthorised access to computer, comprising:

card reader device, bi-directional data bus buffer, electronic circuitry for reading and writing chip cards, ISA or PCI bus connector, card reader BIOS, address decoder for selecting address range C000 to E800 and input/output port with address selector for address range 300h to 3E0h.

9. Device according to the claim 8, characterized in that the card reader device can be mounted into the 3.5" floppy disk slot.

10. Device according to the claim 8, characterized in that the device is interchangeable between other IBM-compatible PCs.